to summarize:
openssl:
i will upgrade openssl to 0.9.7b. upgrade path is a little bit tricky,
due to openssl DES API changes between 0.9.6 and 0.9.7.
1. split libcrypto and libdes. libdes provides old API (like des_xx)
based on 0.9.6.
2. libcrypto becomes 0.9.7, and provides new DES API (like DES_xx) only.
(0.9.7 has source-code level backward compat code for des_xx, but
i would like to disable it as it is wacky)
3. both libdes and libcrypto will have a shlib major bump.
i have confirmed that (1) goes fine, and can run happily with heimdal
krb4 code. (1) is in ftp://ftp.itojun.org/pub/libdes.tar.gz.
heimdal:
ftp://ftp.itojun.org/pub/netbsd-krb4
has tweaks to allow disabling/enabling kerberos v4/v5 separately, based
on http://people.su.se/~lha/patches/netbsd/v4-diff.
due to the shlib major bump of libcrypto/libdes, i guess kerberos
libraries has to be bumped as well. do we want to disable v4 at this
time? it looks that libkafs will define different symbols depending
on if v4 enabled/disabled.
itojun